Track  2
PacNOG 10

Initial Ubuntu System Administration
------------------------------------

Notes
------

* Commands preceded with "$" imply that you should execute the command as
  a general user - not as root.
* Commands preceded with "#" imply that you should be working as root using
  "sudo"
* Commands with more specific command lines (e.g. "RTR-GW>" or "mysql>")
  imply that you are executing commands on remote equipment, or within
  another program.

1. Find out what's installed
   -------------------------

Log on to your machine using SSH as the user specified in class.

Once you are logged in, take a look at all the packages installed on your
system:

	$ dpkg --get-selections

All installed packages fly by on the screen. Let's slow that down:

	$ dpkg --get-selections | less

The "less" command lets you quickly search text. Is the "openssh-server" server
installed on your machines?  (It should be if you are logged in :)

	Type "/openssh" and press <ENTER>

You should see something like:

	openssh-client                                 install
	openssh-server                                 install

with the "openssh" text highlighted. Press "q" to exit the less screen.

Another way to see packages is:

	$ dpkg --list | less

Try it!


OK, what version of "openssh-server" is installed?

	$ apt-cache policy openssh-server

Or, you could also say:

	$ dpkg --list openssh-server


2. Find out if a package is available to be installed
   --------------------------------------------------

You have a local cache of all packages available to be installed from the Ubuntu
package repositories. You can search this cache using the "apt-cache" command. Before 
you can use apt-cache the first time you need to update your local cache. Let's do this
now (we did this for you when setting up your machine):

	$ sudo apt-get update

Once this completes we can search for available packages. Let's see if the "ipcalc" 
package is available in our Ubuntu repositories:

	$ apt-cache search ipcalc 

It looks like there are three packages matching the name "ipcalc". Try typing:

	$ sudo apt-get install ipcalc
	[sudo] password for sysadm: .... <- your password

	$ ipcalc 67.218.55.0/26

This is very useful! We'll talk more about what all this means later today.


3. Stopping and starting services
   ------------------------------

The scripts to run services on your machine are located in /etc/init.d/. By default,
when Ubuntu installs a package the startup scripts for the package are run and the
package is configured to automatically run at system startup.

Try viewing the status of the ssh server, stopping and starting the server and 
reloading the server's configuration file (/etc/ssh/sshd_config):

The control script for ssh is here:

	/etc/init.d/ssh

... but it is more common in modern Linux to use the "service" command to control
services:

	$ service ssh help

You are shown the commands you can perform on the ssh service.

Try to view the status of the ssh server:

	$ sudo service ssh status

Now, stop, start, restart the server and reload it's configuration file, using the
commands that "service ssh help" has returned:

	$ sudo service ssh ...


4. Turning a service off
   ---------------------

If, for some reason, you decide that a currently running service should be turned off
permanently, but that the software should not be removed, then you need to use the
update-rc.d utility.

To stop ssh permanently you would do:

	$ sudo update-rc.d ssh disable

Oops! But, we need ssh. Let's re-enable the server:

	$ sudo update-rc.d ssh enable

Type man update-rc.d for more details on how this works.

Be sure you re-enable ssh!  To check that ssh is running, try and start a new
SSH connectio from your laptop to your PC - can you log in ?


5. Automatically updating your software
   ------------------------------------

If you want Ubuntu to automatically update software on your machine as soon as new versions 
are available, there is a special package called "unattended-upgrades".

Please don't install this package yet. There are both pluses and minuses to
automatically upgrading a server. 

Alternatively you can do:

	$ sudo apt-get install apticron

to install a package that will email an administrator information about any packages on 
the system that need updated as well as a summary of changes in each package.

Once the package is installed you edit:

	/etc/apticron/apticron.conf

and set the EMAIL variable to the address of the person who should receive this information.
Very often this is the root user, but it could be another user, like yourself.

	EMAIL="sysadm@localhost"

"root@localhost" often points to another user, and this user account may point to whoever
is currently doing system administration on your machine.

Go ahead and install apticron and update the apticron.conf file to point EMAIL to sysadm@localhost.

NOTE! This package installs the Postfix MTA. This is fine in this case, but could be an issue if
you had a different MTA installed and configured on your system.

During installation you will be asked "What type of site" to configure for Postfix. Choose the
default highlighted option of "Internet site" - In addition your machines FQDN (Fully 
Qualified Domain Name) will be requested. What is shown should be correct, so just choose OK
to continue when prompted.